[sudo-users] RunAs support sudoers2ldif
Aaron Spangler
aaron777 at gmail.com
Thu Jan 6 22:17:10 EST 2005
Kenneth,
Looks perfect!
You could even add the 'description' attribute to describe the role in
human terms so that you remember why you created it later.
Sorry I took so long to reply.
- Aaron
On Tue, 4 Jan 2005 13:01:53 +0100,
kenneth.gullberg at foreningssparbanken.se
<kenneth.gullberg at foreningssparbanken.se> wrote:
> Hi,
>
> I'm setting up a test environment with the sudoers in ldap.
>
> I want to use RunAs aliases, which is currently reported as a bug in
> sudoers2ldif:
>
> # BUGS:
> # Does not yet handle multiple lines with : in them
> # Does not yet handle runas (xxx) syntax.
> # Does not yet remove quotation marks from options
> # Does not yet escape + at the beginning of a dn
> # Does not yet handle line wraps correctly
> # Does not yet handle multiple roles with same name (needs tiebreaker)
>
> Of course I want to use RunAs (xxx) syntax..
>
> The format of my sudoers today is:
>
> ----------
> User_Alias APP1_DEV=devuser1,devuser2
>
> Host_Alias APP1_TEST=app1test1,app1test2
>
> Runas_Alias APP1_RUN=app1testuser
>
> Cmnd_Alias APP1_CMD=/bin/ls
>
> Cmnd_Alias SHELLS=!/bin/sh (etc etc etc etc... )
>
> APP1 APP1_TEST=(APP1_RUN) PASSWD: APP1_CMD,!SHELLS
> -----------
>
> Can anyone confirm that this entry is the correct one with runas
> support?
>
> dn: cn=APP1,ou=sudoers,dc=test,dc=example,dc=com
> objectClass: top
> objectClass: sudoRole
> cn: APP1
> sudoUser: devuser1
> sudoUser: devuser2
> sudoHost: app1test1
> sudoHost: app1test2
> sudoRunAs: app1testuser
> sudoCommand: /bin/ls
> sudoCommand: !/bin/sh
> sudoOption: authenticate
>
> Best Regards
> Kenneth Gullberg
>
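An added example, not part of the thread and not code from sudoers2ldif: a small Python sketch of the hand conversion discussed above, expanding the aliases of one user specification with a (runas) list into a sudoRole entry with sudoRunAs. The function names are hypothetical and the sudoers input is a constructed sample modelled on the one in the post. Assumptions: one single-line user specification, alias members that are not themselves negated, and NOPASSWD mapped to "sudoOption: !authenticate".

```python
import re

# Constructed sample modelled on the sudoers in the post. Assumption: SHELLS is
# defined without its own "!", so the negation is applied once, at the reference.
SUDOERS = """\
User_Alias APP1_DEV=devuser1,devuser2
Host_Alias APP1_TEST=app1test1,app1test2
Runas_Alias APP1_RUN=app1testuser
Cmnd_Alias APP1_CMD=/bin/ls
Cmnd_Alias SHELLS=/bin/sh
APP1_DEV APP1_TEST=(APP1_RUN) PASSWD: APP1_CMD,!SHELLS
"""

ALIAS_RE = re.compile(r"^(?:User|Host|Runas|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
# user host = (runas) TAG: commands, where the runas list and the tag are optional
SPEC_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(?:(NOPASSWD|PASSWD):\s*)?(.+)$")

def split(items):
    return [i.strip() for i in items.split(",") if i.strip()]

def expand(items, aliases):
    """Replace alias names by their members; a leading '!' carries to each member."""
    out = []
    for item in items:
        neg, name = item.startswith("!"), item.lstrip("!")
        if name not in aliases:
            out.append(item)
        else:
            out += [("!" + m if neg else m) for m in expand(aliases[name], aliases)]
    return out

def to_ldif(sudoers, cn, base):
    """Convert sudoers text holding one single-line user spec into a sudoRole entry."""
    aliases, spec = {}, None
    for line in filter(None, map(str.strip, sudoers.splitlines())):
        alias = ALIAS_RE.match(line)
        if alias:
            aliases[alias.group(1)] = split(alias.group(2))
        elif not line.startswith("#"):
            spec = SPEC_RE.match(line)
    if spec is None:
        raise ValueError("no user specification found")
    users, hosts, runas, tag, cmnds = spec.groups()
    out = [f"dn: cn={cn},{base}", "objectClass: top", "objectClass: sudoRole", f"cn: {cn}"]
    for attr, raw in (("sudoUser", users), ("sudoHost", hosts),
                      ("sudoRunAs", runas or ""), ("sudoCommand", cmnds)):
        out += [f"{attr}: {v}" for v in expand(split(raw), aliases)]
    if tag:  # PASSWD/NOPASSWD become the authenticate option in LDAP
        out.append("sudoOption: " + ("authenticate" if tag == "PASSWD" else "!authenticate"))
    return "\n".join(out) + "\n"
```

Calling to_ldif(SUDOERS, "APP1", "ou=sudoers,dc=test,dc=example,dc=com") returns an entry with the same attributes as the one quoted in the post.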